# Values placed under `global` are visible to every subchart of this release.
# NOTE(review): nesting rebuilt from key order (the rendered page had lost its
# indentation) — confirm against the chart's values schema.
global:
  prometheus:
    # Anchored so the label can be reused by alias; no alias is visible in
    # this excerpt.
    release_label: &prometheusStackDiscoveryLabel "kube-prometheus-stack"

# MinIO tenant used as the S3 backup target, plus its two ingresses.
# NOTE(review): nesting rebuilt from key order (the rendered page had lost its
# indentation) — confirm against the tenant chart's values schema.
tenant:
  tenant:
    name: s3-mobene-keycloak-prodwork01
    configuration:
      # Name of the object holding the tenant's root configuration.
      name: minio-config
    pools:
      - servers: 4
        volumesPerServer: 2
        storageClassName: hcloud-volumes
        size: 10Gi
    buckets:
      - name: postgres
        region: ''
    users:
      - name: pgbackup
    prometheus:
      diskCapacityGB: false
    log:
      audit:
        diskCapacityGB: false
    env:
      # `public` lets the metrics endpoints be scraped without a bearer token.
      # They are served on the same API listener as S3, so the only barriers
      # are the source-range allowlist on the `api` ingress and whatever
      # network policy applies inside the cluster. Prefer token-authenticated
      # scraping if in-cluster traffic is not otherwise restricted.
      - name: MINIO_PROMETHEUS_AUTH_TYPE
        value: 'public'
      - name: MINIO_PROMETHEUS_JOB_ID
        value: 'mobene-keycloak'
      - name: MINIO_PROMETHEUS_URL
        value: 'http://kube-prometheus-stack-prometheus.monitoring:9090'
      - name: CONSOLE_PROMETHEUS_URL
        value: 'http://kube-prometheus-stack-prometheus.monitoring:9090'
  ingress:
    api:
      enabled: true
      ingressClassName: nginx
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
        cert-manager.io/issue-temporary-certificate: 'true'
        # ingress-nginx speaks TLS to the MinIO pods as well as to clients.
        nginx.ingress.kubernetes.io/backend-protocol: HTTPS
        nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
        nginx.ingress.kubernetes.io/proxy-body-size: 32m
        # Source allowlist for the S3 API. The same list is repeated on the
        # keycloak ingress further down; keep the two in sync when an address
        # is added or retired.
        nginx.ingress.kubernetes.io/whitelist-source-range: >-
          212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,195.201.31.227/32,167.235.150.201/32,167.235.150.198/32,167.235.150.195/32,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,195.201.127.50/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32
      host: s3storage-mobene-keycloak-prodwork01.smardigo.digital
      tls:
        # NOTE(review): "miniotest" in the certificate secret of a host named
        # prodwork01 looks like a leftover — confirm no other release writes
        # to the same secret.
        - secretName: s3-miniotest-cert
          hosts:
            - s3storage-mobene-keycloak-prodwork01.smardigo.digital
    console:
      enabled: true
      ingressClassName: nginx
      # NOTE(review): unlike `api`, this ingress has no whitelist-source-range
      # annotation, so the MinIO console login is reachable from any source
      # address the ingress controller accepts. Confirm that is intended, or
      # apply the same allowlist here.
      annotations:
        cert-manager.io/cluster-issuer: letsencrypt-prod
        cert-manager.io/issue-temporary-certificate: 'true'
        nginx.ingress.kubernetes.io/backend-protocol: HTTPS
        nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
      host: s3console-mobene-keycloak-prodwork01.smardigo.digital
      tls:
        - secretName: s3-console-cert
          hosts:
            - s3console-mobene-keycloak-prodwork01.smardigo.digital

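# PostgreSQL cluster for Keycloak, run by the Zalando postgres-operator, with
# base-backup monitoring.
# NOTE(review): nesting rebuilt from key order (the rendered page had lost its
# indentation). `spec` follows the operator's cluster manifest; the placement
# of `alerts` and `teamLabel` is a best guess — confirm against the chart.
postgres:
  pg_operator:
    namespace: zalando-postgres-operator
  monitoring:
    prometheusPushgatewayURL: "http://prometheus-pushgateway.monitoring:9091/metrics/job/pg_basebackup"
    alerts:
      postgres:
        basebackup:
          # Seconds; 86400 = 24 h.
          timeThreshold: 86400
          # empty but no defined alertmanager receiver => catchall devops-team
          teamLabel: ''
  # Anchored for reuse by alias; no alias is visible in this excerpt.
  name: &pg_cluster_name postgres-cluster
  spec:
    teamId: "postgres"
    volume:
      size: 10Gi
    numberOfInstances: 3
    users:
      # NOTE(review): the role that owns the keycloak database is also a
      # cluster superuser, so a leak of Keycloak's database credentials
      # exposes every database and setting in this cluster. Consider reducing
      # it to the flags the application needs once bootstrap no longer
      # requires more.
      keycloak_admin:
        - superuser
        - createdb
    databases:
      # database name -> owning role
      keycloak: &database_username keycloak_admin
    preparedDatabases:
      keycloak: {}
    postgresql:
      # Quoted so the values stay strings.
      version: "14"
      parameters:
        max_connections: "100"
    resources:
      limits:
        memory: 2Gi
      requests:
        cpu: "0.5"
    additionalVolumes:
      - name: backup-monitoring-script
        mountPath: /nso_scripts/
        volumeSource:
          configMap:
            name: backup-monitoring-script
            # Read + execute for everyone (was 0777). ConfigMap volumes are
            # mounted read-only, so the write bits granted nothing and only
            # tripped world-writable checks; 0555 keeps the script runnable.
            # The leading-zero form relies on the loader's YAML 1.1 octal
            # handling, and the field is an integer, so do not quote it.
            defaultMode: 0555
        targetContainers:
          - postgres
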
# Metrics exporter for the PostgreSQL cluster.
# NOTE(review): nesting rebuilt from key order (the rendered page had lost its
# indentation) — confirm against the exporter chart's values schema.
prometheus-postgres-exporter:
  serviceMonitor:
    enabled: true
    labels:
      # Same value as global.prometheus.release_label.
      release: "kube-prometheus-stack"
  rbac:
    pspEnabled: false
  config:
    # The connection string is read from a Secret instead of being written
    # into this values file.
    datasourceSecret:
      name: postgres-exporter-database-connection
      key: datasource

# Keycloak deployment and its public ingress.
# NOTE(review): nesting rebuilt from key order (the rendered page had lost its
# indentation) — confirm against the chart's values schema. The visible
# listing stops after the allowlist; further `ingress` keys may follow.
keycloak:
  image:
    registry: prodnso-harbor-01.smardigo.digital
    repository: smardigo/keycloak
    # Tags are mutable; pinning by digest (if the chart version supports it)
    # would guarantee the exact image that was reviewed.
    tag: "20.0.2.1"
    pullSecrets:
      - harbor-pull-secret
    # NOTE(review): debug output is enabled on what the hostname and the
    # `start` argument suggest is a production instance. Verbose logs of an
    # identity provider can carry request details; switch off outside of
    # troubleshooting.
    debug: true
  args:
    - 'start'
  httpRelativePath: '/auth/'
  ingress:
    enabled: true
    hostname: keycloak-prodwork01.smardigo.digital
    annotations:
      cert-manager.io/cluster-issuer: letsencrypt-prod
      cert-manager.io/issue-temporary-certificate: 'true'
      nginx.ingress.kubernetes.io/backend-protocol: HTTP
      nginx.ingress.kubernetes.io/force-ssl-redirect: 'true'
      # NOTE(review): ssl-passthrough contradicts backend-protocol: HTTP.
      # ingress-nginx documents that passthrough works at layer 4 and
      # invalidates the other annotations on the Ingress. If the controller
      # runs with --enable-ssl-passthrough, the source allowlist and the
      # redirect below it would not be enforced and TLS would be forwarded to
      # a backend declared as plain HTTP; if the flag is off, this annotation
      # does nothing. Confirm which applies and remove the one not intended.
      nginx.ingress.kubernetes.io/ssl-passthrough: 'true'
      # Source allowlist; duplicated from the MinIO `api` ingress — keep the
      # two lists in sync.
      nginx.ingress.kubernetes.io/whitelist-source-range: >-
        212.121.131.106/32,149.233.6.129/32,46.245.219.98/32,164.138.195.162/32,195.201.31.227/32,167.235.150.201/32,167.235.150.198/32,167.235.150.195/32,167.235.150.133/32,167.235.150.197/32,23.88.53.161/32,195.201.113.110/32,5.75.184.216/32,195.201.127.50/32,164.92.251.253/32,91.107.228.133/32,167.235.25.0/32